Azure DevOps Pipeline for Wordpress

  • This repo contains the source for an Azure DevOps CI/CD pipeline that integrates and deploys WordPress on AWS EKS with monitoring, logging, static application security testing, and container vulnerability scanning.
  • The pipeline script builds a container image of our custom WordPress installation using Docker.
  • Then it pushes the image to Docker Hub.
  • Then it provisions an EKS Kubernetes cluster on AWS using Terraform.
  • After that, it creates a Let's Encrypt SSL Certificate still using Terraform.
  • Sensitive data are passed to the cluster by rendering Ansible Jinja2 template files into regular files, with the secrets supplied from Ansible Vault.
  • Then it provisions an AWS load balancer controller on AWS using Terraform and Helm.
  • Afterwards, it deploys Prometheus and Grafana for monitoring using Terraform and Helm charts.
  • Using Terraform and Helm again, it deploys the Elastic Stack (Elasticsearch, Logstash, Kibana, and Filebeat).
  • Next, it scans the Docker image for vulnerabilities using Trivy.
  • Then it deploys WordPress.

Screenshots

The Content Management System (WordPress)

[Screenshot]

Logging (Elastic Stack)

[Screenshots: Log Overview, Log Stream]

Monitoring (Prometheus and Grafana)

[Screenshots]

Azure DevOps

[Screenshots]

SonarQube

[Screenshots]

Trivy

[Screenshots]

How to Use It

ANSIBLE VARIABLES

Create the following variables in a file called secrets.yml

  • db_user
  • db_password
  • dp_port
  • email
  • email_password
  • mail_server
  • slack_api

Then encrypt the secrets.yml file with Ansible Vault.
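An added example, not part of this repository: a Python gate that a pipeline or pre-commit step could run to confirm secrets.yml is vault-encrypted rather than sitting in the repo in clear text. It relies on the Ansible Vault file header ($ANSIBLE_VAULT;<version>;AES256); the function name, the constructed sample contents and the flat "key: value" layout of secrets.yml are assumptions.

```python
import re
import sys

# Variable names the README lists for secrets.yml.
REQUIRED_VARS = {"db_user", "db_password", "dp_port", "email",
                 "email_password", "mail_server", "slack_api"}

# First line of a vault file: $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);AES256(?:;[^;\s]+)?$")

# Constructed samples (not real secrets; the payload is filler hex).
SAMPLE_ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n3661626364656630\n3132333435363738\n"
SAMPLE_PLAINTEXT = "db_user: wp\ndb_password: example-only\nslack_api: example-only\n"


def audit_secrets(text):
    """Classify secrets.yml content as 'encrypted', 'plaintext' or 'malformed'."""
    lines = text.splitlines()
    if not lines:
        return "malformed", "file is empty"
    header = VAULT_HEADER.match(lines[0].strip())
    if header:
        body = "".join(line.strip() for line in lines[1:])
        # The vault payload is hex text; anything else means truncation or hand edits.
        if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", body):
            return "encrypted", "vault format " + header.group(1)
        return "malformed", "vault header present but payload is not hex"
    # No vault header: list the README's variables that sit in clear text.
    keys = {m.group(1) for m in (re.match(r"([A-Za-z_]\w*)\s*:", l) for l in lines) if m}
    exposed = sorted(keys & REQUIRED_VARS)
    return "plaintext", "clear-text variables: " + (", ".join(exposed) or "none recognised")


if __name__ == "__main__":
    # Pipeline gate: exit non-zero unless the file on disk is vault-encrypted,
    # e.g. after running: ansible-vault encrypt secrets.yml
    path = sys.argv[1] if len(sys.argv) > 1 else "secrets.yml"
    with open(path, encoding="utf-8") as handle:
        status, detail = audit_secrets(handle.read())
    print(f"{path}: {status} ({detail})")
    sys.exit(0 if status == "encrypted" else 1)
```

The check only inspects the file format; it does not decrypt anything and never needs the vault password.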

CREATING THE S3 AND DYNAMO DB BACKEND FOR TERRAFORM

  • Once the variables and sensitive information are in place, cd into the backend directory and adjust the variables.tf.
  • Open the s3.tf file and comment out force_destroy = true in the aws_s3_bucket resource block.
  • Then run terraform init && terraform apply -auto-approve

SET UP A PIPELINE ON YOUR AZURE DEVOPS SERVER

  • Install the SonarQube and Trivy extensions from the Visual Studio Marketplace.

PROVISION AND DEPLOY

AZURE DEVOPS VARIABLES

  • Create a file - .pass.txt - containing your Ansible Vault password.
  • Upload the file to the secure files library of your Azure DevOps project.
  • Create a variable group with the following variable names:
    • access_key_id
    • account_id
    • arn
    • db_name
    • docker_password
    • docker_username
    • email
    • password
    • region
    • secret_access_key
    • username

Values for the Variables

  • Value of access_key_id should be AWS access key ID
  • Value of secret_access_key should be AWS secret access key
  • Value of account_id should be AWS Account ID
  • Value of docker_password should be your Docker password
  • Value of docker_username should be your Docker username
  • Value of username should be database username
  • Value of password should be database password
  • Value of db_name should be database name
  • Value of arn should be your AWS ARN
  • Value of email should be email address for SSL certificate
  • Value of region should be the AWS region you're working in
  • Then Build.